diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 110e017..3e0b26d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,6 +3,7 @@ stages:
 variables:
 COSIGN_PASSWORD: ""
+ COSIGN_YES: "true"
 default:
 image: registry.gitlab.com/wunker-bunker/ci-builder
@@ -45,11 +46,14 @@ default:
 build:
 stage: build
+ id_tokens:
+ SIGSTORE_ID_TOKEN:
+ aud: sigstore
 parallel:
 matrix:
- - RECIPE:
- - recipe-desktop.yml
- - recipe-framework-13.yml
+ - RECIPE:
+ - recipe-desktop.yml
+ - recipe-framework-13.yml
 script:
 - buildah build --build-arg=RECIPE=$RECIPE --build-arg=FEDORA_MAJOR_VERSION=$FEDORA_MAJOR_VERSION --build-arg BASE_IMAGE_URL=$BASE_IMAGE_URL -t $FULL_IMAGE_NAME:${TAGS} .
 - |
@@ -58,4 +62,5 @@ build:
 buildah push $FULL_IMAGE_NAME:$TAG
 done
 - DIGEST=($(buildah images --format '{{.Digest}}' $FULL_IMAGE_NAME:$TAGS))
- - cosign sign -y --key $SIGNING_SECRET $FULL_IMAGE_NAME@$DIGEST
\ No newline at end of file
+ - IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $FULL_IMAGE_NAME:$TAGS)
+ - cosign sign $IMAGE_DIGEST
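Review bot: `COSIGN_YES: "true"` is added under the top-level `variables:`, so it is exported to every job in the pipeline rather than only the one that signs. With keyless signing, the prompt it suppresses is the confirmation that the signing identity will be stored in the public transparency log, so it is better scoped to the `build` job's own `variables:` with a comment such as `# keyless signing is non-interactive in CI; the certificate identity is recorded in the public transparency log`. `COSIGN_PASSWORD: ""` on the context line above looks like a leftover from the removed `--key` signing and could be dropped if no other job still signs with a key; the rest of the file is not visible here.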
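Review bot: The new `id_tokens:` block gives every run of `build` a token with audience `sigstore`, and the hunk shows no `rules:` limiting which refs run the job, so a pipeline on an unreviewed branch may be able to produce a validly signed image. With the key gone, trust rests entirely on the identity in the signing certificate, so consumers must verify with `--certificate-identity` and `--certificate-oidc-issuer` pinned to this project and its release ref rather than accepting any signature. I would restrict the job to protected refs if it is not already, and add a comment above `id_tokens:` such as `# keyless signing: certificate identity = this project + ref; verifiers must pin both`. The job definition continues outside the hunk, so an existing `rules:` section may already cover this.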
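Review bot: The digest handed to `cosign sign` now comes from `docker inspect` on a local tag, but the visible script builds and pushes with buildah, which keeps images in its own store. Unless the runner image also has a Docker daemon holding this tag the lookup fails, and `{{index .RepoDigests 0}}` only returns whichever repo digest happens to be listed first. The signature should bind to the digest the registry actually received, for example by having the push step write it out with `buildah push --digestfile "$DIGEST_FILE" ...` and then running `cosign sign "$FULL_IMAGE_NAME@$(cat "$DIGEST_FILE")"` (`DIGEST_FILE` being a placeholder path). The `DIGEST=` line kept as context is no longer used after this change and can be removed. The push loop begins outside the hunk, so how `$TAGS` is split there is not visible.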